package org.andao.security.filter;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.ui.FilterChainOrder;
import org.springframework.security.ui.SpringSecurityFilter;

/**
 *  <code>SecurityHttpServletRequestFilter</code><p>
 * 认证用户过滤器.这个过滤器主要用来设置当前用户到request中，以供tomcat访问日志能读取到当前操作人账号.<p>
 * @author Marco.hu(hzg139@163.com)
 */
public class SecurityHttpServletRequestFilter extends SpringSecurityFilter{

	@Override
	public int getOrder() {		
		return FilterChainOrder.ANONYMOUS_FILTER;
	}
	
	@Override
	protected void doFilterHttp(HttpServletRequest servletRequest,	HttpServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) servletRequest;		
		if (!(request instanceof SecurityHttpServletRequestWrapper)) { 
				request = new SecurityHttpServletRequestWrapper(request); 
		} 	
		if(logger.isDebugEnabled()) 
			logger.debug("set current user : "+request.getRemoteUser());
		request.setAttribute("_currentuser", request.getRemoteUser());
		chain.doFilter(request, response);
	}
	
	
	
	
}
